DevOps/ansible-role-matrix-stack
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Updated configurations

Browse Source
This commit is contained in:
Eric Meehan 2025-05-25 22:11:55 -04:00
parent eed66cd183
commit 8c2356d303
1 changed files with 43 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
tasks/main.yml
View File

@ -51,6 +51,8 @@
##
## Most settings are configurable but some settings are owned by the chart and can't overwritten
additional:
0-customConfig:
config: |
email:
from: '"Matrix Authentication Service" <matrix-authentication-service@eom.dev>'
reply_to: '"No reply" <no-reply@eom.dev>'
@ -63,39 +65,24 @@
upstream_oauth2:
providers:
- id: 01JG22H4F0G8PYCZ5HVTQVHBC4
issuer: https://google.com/
human_name: Google
brand_name: google
issuer: https://accounts.google.com
client_id: "{{ matrix_google_oidc_client_id }}"
client_secret: "{{ matrix_google_oidc_client_secret }}"
token_endpoint_auth_method: client_secret_basic
discovery_mode: oidc
token_endpoint_auth_method: client_secret_post
scope: openid profile email
claims_imports:
subject:
template: "{{ '{{ user.sub }}' | quote }}"
# -- The localpart is the local part of the user's Matrix ID.
# For example, on the `example.com` server, if the localpart is `alice`,
# the user's Matrix ID will be `@alice:example.com`.
localpart:
action: require
template: "{{ '{{ user.preferred_username }}' | quote }}"
# -- The display name is the user's display name.
action: ignore
displayname:
action: suggest
template: "{{ '{{ user.name }}' | quote }}"
# -- An email address to import.
action: require
template: "{{ '{{ user.name }}' }}"
email:
action: suggest
template: "{{ '{{ user.email }}' | quote }}"
# -- Whether the email address must be marked as verified.
# Possible values are:
# - `import`: mark the email address as verified if the upstream provider
# has marked it as verified, using the `email_verified` claim.
# This is the default.
# - `always`: mark the email address as verified
# - `never`: mark the email address as not verified
set_email_verification: import
action: require
template: "{{ '{{ user.email }}' }}"
account_name:
template: "{{ '{{ user.email }}' }}"
ingress:
host: mas.eom.dev
postgres:
@ -112,7 +99,7 @@
## The size of a PersistentVolumeClaim to be constructed
## Ignored if existingClaim is provided
size: 256Gi
size: 2Ti
## The StorageClass to be used by the constructed PersistentVolumeClaim.
## Will use the cluster default if not provided
@ -126,26 +113,16 @@
## The maximum size (in bytes ending in M or K) that Synapse will accept for media uploads
## You may need to adjust your ingress controller to also allow uploads of this size
maxUploadSize: 100M
## Key used to sign events and federation requests.
## This needs to be the full signing key starting `ed25519 ...`.
## This secret is optional, and will be generated by the `initSecrets` job
## if it is empty.
## It can either be provided inline in the Helm chart e.g.:
## signingKey:
## value: SecretValue
##
## Or it can be provided via an existing Secret e.g.:
## signingKey:
## secret: existing-secret
## secretKey: key-in-secret
signingKey: {}
ingress:
host: synapse.eom.dev
custom-config:
additional:
1-custom-config:
config: |
smtp_host: postfix.eom.dev
smtp_port: 587
smtp_user: synapse
smtp_pass: {{ synapse_admin_password }}
client_base_url: https://element.eom.dev/
auto_join_rooms:
- "#general:eom.dev"